This site uses cookies to improve your experience and to provide services and advertising.
By continuing to browse, you agree to the use of cookies described in our Cookies Policy.
You may change your settings at any time but this may impact on the functionality of the site.
To learn more see our Cookies Policy.

THE NUMBER OF data-protection breaches involving sensitive personal information held by the Health Service Executive (HSE) almost doubled to 212 last year, internal documents have revealed.

The incidents included two cases in which staff members left patients’ records on the roof of their cars before driving away, and one case in which Tusla files were found in an empty building during renovations.

In another data breach, a doctor attached to Mental Health Services in Wexford left confidential records relating to patients in an apartment that he had vacated. They were discovered by a new tenant and later returned to the HSE.

Medical device

Last April, the Data Protection Commissioner was actually a party to a breach that occurred at Midlands Regional Hospital Tullamore, when a patient’s data was accidentally faxed to the Commissioner’s office instead of the individual’s GP.

Later that month, a medical device containing patients’ personal information was sent for repair to a company in the UK by Saolta University Hospital Group.

Instead of the company returning the device, it was reconditioned and provided to an NHS hospital in Hull. The hospital’s IT department discovered that the device still contained the data and contacted the HSE.

In May 2016, a nursing report sheet and x-ray order sheet containing details relating to 27 patients was found misplaced in a building adjacent to University Hospital Limerick.

A month later, a large quantity of files relating to 27 more individuals including patient diagnoses was found on the ground across the road from the hospital. No explanation was offered by the HSE but the importance of data protection awareness was raised at a subsequent team meeting for staff of the relevant department.
Lost

Source: Sasko Lazarov/Photocall Ireland

Three separate incidents in which sensitive patient documents were lost or found in the vicinity of hospital grounds occurred during February and March 2016 at Our Lady of Lourdes Hospital in Drogheda.

In February, wind scattered documents being carried by a staff member between buildings at the hospital. Two pages of a completed service application form were never recovered.

Later that month, a handwritten note containing a patient’s personal details was found in a waiting room; and in March, a document containing information relating to 13 patients was found “in the vicinity of the hospital grounds”.

In October, files belonging to Tusla, the Child and Family Agency, were found by HIQA in an empty building that was in the process of being renovated for use by the charity, Rehab.

The HSE said that the records could not have been accessed by members of the public, and a review of the incident was undertaken with the aim of ensuring that the same mistake does not happen again.

Two incidents occurred last year in which patient records were left on the roof of a car by a HSE staff member before they drove away. The same scenario also occurred twice in 2015.

The first of these incidents happened in April 2016, when an employee at Abbeyfeale Health Centre in Limerick left files on top of their car and drove away. The files were returned by a member of the public the next day.

In October, a HSE staff member working in pensions management placed a file on the roof of their vehicle before leaving a carpark. They later returned and recovered the file but two pages relating to one individual was missing.

Other data-protection breaches occurred when a health worker left a client’s records in another client’s house; when a PC was stolen during a break-in at an addiction services clinic; and when documents relating to patients of Sligo University Hospital were discovered in a bin in Dublin.

The details of 212 data-protection incidents were contained in records released by the HSE under the Freedom of Information Act. In 2015, the number of data-protection incidents reported by the HSE was 113.

TheJournal.ie is a full participating member of the Press Council of Ireland and supports
the Office of the Press Ombudsman. This scheme in addition to defending the freedom of the
press, offers readers a quick, fair and free method of dealing with complaints that they may
have in relation to articles that appear on our pages. To contact the Office of the
Press Ombudsman Lo-Call 1890 208 080 or go to
www.pressombudsman.ie
or www.presscouncil.ie

Please note that TheJournal.ie uses cookies to improve your experience and to provide services and advertising. For more information on cookies please refer to our cookies policy.

Journal Media does not control and is not responsible for user created content, posts, comments, submissions or preferences. Users are reminded that they are fully responsible for their own created content and their own posts, comments and submissions and fully and effectively warrant and indemnify Journal Media in relation to such content and their ability to make such content, posts, comments and submissions available. Journal Media does not control and is not responsible for the content of external websites.